HowTo configure a single sign-on into Redmine from an other App on the same server » History » Version 3
Denis Savitskiy, 2014-11-27 14:21
preformatted code
| 1 | 1 | Patrick Ludikhuyze | h1. HowTo configure a single sign-on into Redmine from an other App on the same server |
|---|---|---|---|
| 2 | |||
| 3 | We had an App on our server and wanted to integrate Redmine into it. |
||
| 4 | We configured an LDAP authentication which made it possible for users to login with the same username and password. |
||
| 5 | But I didn't much like them needing to login again every time they needed to open Redmine helpdesk/issue tracking part of our site. |
||
| 6 | |||
| 7 | Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option. |
||
| 8 | |||
| 9 | h3. Basic Steps |
||
| 10 | |||
| 11 | * Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed) |
||
| 12 | The same way LDAP authentication reads the info from my Apps tables, I now create or update the user from my App into Redmine user table. |
||
| 13 | This also ensures that any modification to user name and e-mail are properly synced to Redmine long after initial creation. |
||
| 14 | |||
| 15 | * Configure Redmine to allow Autologin (Settings - Authentication) for the minimal 1 day |
||
| 16 | We also chose to not use Self registration but that could be site specific. |
||
| 17 | OpenID and Rest API authentication are not required for this to work; it depends on your use of Redmine. |
||
| 18 | |||
| 19 | * Configure the use of autologin cookie also in config/configuraion.yml |
||
| 20 | 3 | Denis Savitskiy | <pre> |
| 21 | autologin_cookie_name: autologin |
||
| 22 | autologin_cookie_path: / |
||
| 23 | autologin_cookie_secure: false |
||
| 24 | </pre> |
||
| 25 | 1 | Patrick Ludikhuyze | |
| 26 | P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use an other cookie name so I didn't pursue it further. |
||
| 27 | |||
| 28 | * Delete existing autologin token from Redmine DB |
||
| 29 | 3 | Denis Savitskiy | <pre> |
| 30 | SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...; |
||
| 31 | </pre> |
||
| 32 | 1 | Patrick Ludikhuyze | |
| 33 | * Create our new autologin token into Redmine DB |
||
| 34 | Create an sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b) |
||
| 35 | 3 | Denis Savitskiy | <pre> |
| 36 | SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now()); |
||
| 37 | </pre> |
||
| 38 | 1 | Patrick Ludikhuyze | |
| 39 | * Create cookie with autologin token |
||
| 40 | This will be specific to your App but here's the syntax for PHP using above generated sha1 with a validity of 4 hours: |
||
| 41 | 3 | Denis Savitskiy | <pre> |
| 42 | setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be'); |
||
| 43 | </pre> |
||
| 44 | 1 | Patrick Ludikhuyze | |
| 45 | Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI). |
||
| 46 | |||
| 47 | * Sanitise command line to forward URL arguments to Redmine |
||
| 48 | 2 | Patrick Ludikhuyze | I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends e-mails, the click through URLs go trough my App, request the proper login and pass the rest of the URL to Redmine. |
| 49 | 1 | Patrick Ludikhuyze | That would be site specific but shouldn't be too hard. |
| 50 | |||
| 51 | That should do the trick! |
||
| 52 | |||
| 53 | Happy Redmining ;-) |